Running dropbear as unprivileged user to a single user SSH Server
Rob Landley
rob at landley.net
Fri Sep 2 00:26:14 WST 2011
On 08/31/2011 08:30 AM, Antoine Catton wrote:
> Hello,
>
> On Wed, 2011-08-31 at 06:46 -0500, Rob Landley wrote:
>> 1) The comments don't add anything here. (If userspace enabled? Here's
>> what getlogin() does? Here's the end of the #ifdef seven lines earlier?)
>>
>> 2) The first line of that hunk creates a copy of username, then you
>> check if you need to free that copy and make a different copy. Seems
>> like a waste of work to me?
>>
>> 3) The Linux kernel uses a trick where it #defines is_singleuser() in a
>> header somewhere to either a constant 0 (so the compiler's dead code
>> elimination chops out the code) or else to svr_opts.singleuser, so you
>> could just do:
>>
>>     if (is_singleuser()) {
>>         m_free(username);
>>         username = m_strdup(getlogin());
>>     } else username = buf_getstring(ses.payload, &userlen);
>>
>
> I’m trying to improve my patch. But I just figured out I didn't really
> get what you wanted.
>
> Do you want me to not use C Preprocessor statements?

http://doc.cat-v.org/henry_spencer/ifdef_considered_harmful.pdf
http://www.linuxjournal.com/article/5780?page=0,3

> Do you want to enable root running dropbear in single user mode?

That's really a question for Matt, I was asking if the complexity of the
extra configuration option is worthwhile.

If you think root shouldn't be allowed for this mode, then don't allow
it. However, if people can set arbitrary environment variables for a
daemon running as root, then they can LD_PRELOAD their way to arbitrary
behavior.

> Could you tell me how should I improve this patch?

Simplify it as much as possible. (Simplifying the patch itself merely
makes it less intrusive, simplifying the resulting dropbear code is far
more impressive.)

But again, Matt's the guy with the final say here...

Rob
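
The is_singleuser() pattern from point 3 of the quoted review, as an added example that is not part of the original message or of dropbear's source. ENABLE_SINGLEUSER, local_account() and auth_username() are hypothetical names, strdup() stands in for m_strdup(), and the sketch also covers getlogin() returning NULL.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L    /* getlogin(), getpwuid(), strdup() */
#endif
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef ENABLE_SINGLEUSER          /* hypothetical build switch, not dropbear's */
#define ENABLE_SINGLEUSER 1
#endif
struct svr_options { int singleuser; };   /* stand-in for the server options */
static struct svr_options svr_opts;

#if ENABLE_SINGLEUSER
#define is_singleuser() (svr_opts.singleuser)
#else
#define is_singleuser() 0          /* constant: the guarded branch is dead code */
#endif

/* Account the process runs as. getlogin() can return NULL (for example with no
 * controlling terminal), so fall back to the passwd entry of the effective uid. */
static const char *local_account(void)
{
    const char *name = getlogin();
    if (name == NULL) {
        struct passwd *pw = getpwuid(geteuid());
        name = pw ? pw->pw_name : NULL;
    }
    return name;
}

/* Name to authenticate as. In single-user mode the client-supplied name is
 * ignored; if the local account is unknown the result is NULL (fail closed). */
static char *auth_username(const char *requested, const char *local)
{
    if (is_singleuser())
        return local ? strdup(local) : NULL;
    return requested ? strdup(requested) : NULL;
}

int main(void)
{
    svr_opts.singleuser = 1;
    char *user = auth_username("root", local_account()); /* "root": sample input */
    printf("authenticating as: %s\n", user ? user : "(none, reject)");
    free(user);
    return 0;
}
```

Building with -DENABLE_SINGLEUSER=0 turns is_singleuser() into the constant 0, so the call sites need no #ifdef of their own.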